 sj |
||
|
||
BS: A New Kind of Malware Attack
|
|
|
|||||||
|
BS: A New Kind of Malware Attack |
Share Thread
|
||||||
|
Subject: BS: A New Kind of Malware Attack From: JohnInKansas Date: 20 Dec 13 - 05:39 PM News reports indicate that "Target" stores in the US were believed to have been attacked by a new method for stealing consumer data, that may have exposed personal/account information for anyone who used a credit or debit charge for a purchase between Black Friday (27 Nov) and "about 15 December." Past attacks have hit the databases where customer information is stored. This attack is believed to have intercepted the information transmitted between the "point of sale" machines (where customers swipe their cards) and the credit/debit card companies. By using this method, most vulnerable information that would be in Target's customer database is obtainable, but in addition the "authentication code" from the individual card would also be accessible. News reports thus far suggest that even Target hasn't figured out how it was done, but the "experts" elsewhere say that no attacks of this kind have been previously known. If it worked at Target, it may be expected that other businesses should expect similar attacks soon.(?) For the present, only people who made debit/credit card purchases at Target during the shopping spree period indicated should need to be concerned. Target should provide more information to those affected as soon as they figure out what happened(?) One recent report: Massive Target credit card breach new step in security war with hackers Keith Wagstaff NBC News 19 December 2013 It looks like hackers hit the bulls-eye with the recent unprecedented hack of Target credit and debit card information. Not only was the digital heist huge — up to 40 million consumers might have had their data stolen — but the degree of difficulty indicates another step in the security arms race between criminals and merchants. The hack affected customers who shopped at U.S. Target retail stores between Black Friday, Nov. 27, and Dec. 15, security researcher Brian Krebs first reported on his blog on Wednesday. That report was confirmed by Target in an official statement on Thursday. "I don't know how they did it," James Wester, research director of IDC Financial Insights, told NBC News. Normally, hackers attack databases where credit card information is stored, which is where most companies put their security resources. Those types of attacks, Wester said, are difficult enough. This latest incident, however, likely involved an attack on Target's point-of-sale (POS) system, most security experts agreed, meaning that customer information was probably sent directly from the store's mounted cash registers to the hackers themselves, probably due to malicious software. "That is what is kind of mystifying at this point," Wester said. "It seems like from a security standpoint, Target was doing all of the right things, and somehow this code was put on the POS system, which isn't a normal access point for hackers." Why would that be so bad? Because hackers could get their hands on what's called "track data," which is transmitted every time a card's magnetic strip is swiped. That information includes a cardholder's name, a service code used to identify international transactions, and the credit card's number and expiration date. Merchants like Target, as well as payment processors that store customer data for smaller businesses, aren't legally allowed to store CVV information in their databases. With that information, criminals don't have to go through the trouble of manufacturing counterfeit credit cards, Dave Lott, retail payments risk expert at the Federal Reserve Bank of Atlanta, told NBC News. For only about $100, criminal outfits can buy equipment that allows them to print out cards for people to use at cash registers anywhere, and never be bothered for a CVV code. Instead, codes in-hand, criminals can simply purchase things online, often waiting months to use credit card numbers so that customers drop their guard after the media attention over a security breach has died down. "These are often very well-organized, multinational outfits," Lott said. Criminal organizations can also sell the data on the black market, where credit card numbers have fetched $1 apiece — not a small haul when multiplied by the thousands or millions. While it's unclear whether the number of credit and debit card hacks have increased over recent years, Lott said, the size of the breaches has increased as criminals look to make the risk associated with hacking sophisticated security measures worth their while. Target has not commented on how the breach was discovered or whether hackers did in fact infiltrate its POS system. "I can't comment on the specifics, but can share that payment data that could have been exposed could include a person's name, CVV, account number and expiration date," Molly Snyder, a Target spokesperson, told NBC News in an email, adding only that the company knew of the breach "as of Dec. 15." [Watch for more news - since what's been dished out so far is pretty sparse.] John |
|
Subject: RE: BS: A New Kind of Malware Attack From: SINSULL Date: 20 Dec 13 - 07:52 PM Several people I know used their cards at Target during the time period involved. They have reported their cards stolen, gotten new cards and new codes. Hopefully it is enough. I will us cash for now. SINS |
|
Subject: RE: BS: A New Kind of Malware Attack From: Q (Frank Staplin) Date: 20 Dec 13 - 08:05 PM Here (Canada), MasterCard and Visa are connected in their activities with major banks. My credit card activity is on my bank statements. I haven't used a store credit or debit card for many years. Until the hackers become able to get the bank data, I seem to be safe. Cash- I haven't used it for a purchase over $10 for years. Not even sure what larger bills look like. |
|
Subject: RE: BS: A New Kind of Malware Attack From: Jeri Date: 20 Dec 13 - 08:16 PM Q, I don't think these people were using just Target credit cards. They were using credit cards AT Target. So the hackers were, in fact, able to get bank data. I had to replace my Visa card twice in one year because hackers got data in between the POS and the the credit verification service, so they got that information 5 or so years ago. But cash is a safe, if radical, type of currency. |
|
Subject: RE: BS: A New Kind of Malware Attack From: gnu Date: 20 Dec 13 - 08:18 PM I use cash and, occasionally, Visa for certain payments. I use Visa on the phone only, only with reputable companies and I record these calls using a digital recorder and a camcorder (recording the dialing on a display phone and the rest of the coversation). Now. You may think that is paranoid or overkill but I am an engineer. I learned MANY years ago and now 'live' my credo which has served me well in many millions of dollars of disputes... 'If it ain't in writing, it never happened.' When that voice says "Your call will be recorded for....", I always say, "You too." Document. |
|
Subject: RE: BS: A New Kind of Malware Attack From: GUEST,.gargoyle Date: 20 Dec 13 - 08:25 PM Dear Mr. Q If for only the wonder ... go to a bank and secure the newest "Benjamin." Take a jewler's glass and take some time. You will be awe-struck. Thee and me move in opposite worlds... Sincerely, Gargoyle "cash is king" ... and I have never, yet, had a Ben, Abe, or George ... rejected for "insufficent funds." |
|
Subject: RE: BS: A New Kind of Malware Attack From: Rapparee Date: 20 Dec 13 - 09:01 PM Our new Mastercards are coming. Something about the USD 600+ charge for tickets in Turkey alerted our Mastercard provider...which is why we only use MC for online transactions and Visa for the rest. Our MC limit is high enough to be useful but low enough (and kept that way) to be manageable. I place no faith in computers -- 12 years as a sysad and my wife's experience with them goes back to the late '60s. |
|
Subject: RE: BS: A New Kind of Malware Attack From: Q (Frank Staplin) Date: 20 Dec 13 - 09:17 PM Canada will go to new plastic currency soon, I heerd tell. No Benjamin, Abe or George here- Queen Liz and some old Canadians. |
|
Subject: RE: BS: A New Kind of Malware Attack From: Jeri Date: 20 Dec 13 - 09:54 PM Didn't they already go plastic? I got a couple of un-crumpleable $20s the last time I was there. |
|
Subject: RE: BS: A New Kind of Malware Attack From: JohnInKansas Date: 20 Dec 13 - 11:11 PM In an effort to make their customers happy, Target has announced that: "We're in this together, and in that spirit, we are extending a 10 percent discount — the same amount our team members receive — to guests who shop in U.S. stores on Dec. 21 and 22." The offer is limited to one in-store transaction per guest. (Target has also pledged free credit monitoring for affected customers.) See: Target offers discounts as investigators look at overseas hackers There have been reports of "hacks" capable of reading the mag stripe at the POS for some time, but the previous versions all relied on a physical device able to pick up the signal "near" the terminal when the card was swiped. This exploit is believed to have used malware installed in the POS terminals, and may be an entirely new method. Under "new threats" a couple of Israeli John |
|
Subject: RE: BS: A New Kind of Malware Attack From: GUEST,leeneia Date: 21 Dec 13 - 12:06 AM I don't think cash is safe. I would much rather risk losing $50 to a scammer than be attacked by a thug for the cash I am carrying. A couple of months ago, a criminal attacked a woman age 61 at my grocery store. He threw her to the ground, snatched her purse and managed to knock out five of her teeth in the process. Then he sped off in a car and ran into a tree at high speed. I'm glad he ran into a tree rather than into people. ========== John, now we know why the background music in American stores is so loud and irritating. |
|
Subject: RE: BS: A New Kind of Malware Attack From: JohnInKansas Date: 21 Dec 13 - 10:00 AM A new report claims that some Canadian "scientists" have "demonstrated the feasibility of transmitting data" by smell. They used a common garden sprayer to produce bursts of alcohol vapor, blown across a table top by a small fan and detected by sensors from a "police breathalyser" to send and detect a short text message. The claim is that their method is based on the way that pheromones are used to send signals in nature, and one side comment likens the method to the way that "dogs mark their territory." Their claim that this is something "new and radically different" is difficult to to accept due to the prevalence of "alcoholic enhancement" of much social communication, which has been a known method for centuries. While generally "translated" for posting, the use of "smells" for communication has been amply demonstrated by our own SPAW for some decades, in the well known quotes of: BBBBBRRRRRRAAAAAAAAWWWWWMMMMMMPPPPPPPPPP' with precise and exqusitely clear meaning. While there is the possibility that soon the malware producers may be able to tell everything about you from the SMELL of your computer, this does not appear to represent an immediate threat. Those who wish to ponder the pontential future hazard may view the referenced article at: How Canadian scientists used a mist of alcohol to develop a new pheromone-inspired way to send text messages John |
